A week in Blackhat

Conversations, AI, and Breakfast


So I spent a week in Vegas avoiding unknown Wi-Fi networks and sending messages over encrypted channels. But also talking to CISOs, identity companies, and security companies and having some great conversations about where we are headed as an industry. Shout out to Oneleet for sponsoring! The newsletter keeps growing, and that means we keep getting new sponsors! Show them some love.

Here’s the rundown.

Andromeda Security

First up, a meeting with Andromeda Security, a new entrant into the Identity Security market focusing on providing security around both human and non-human identities. One word that comes to mind: Impressive.

It’s very clear they put a lot of thought and effort into not just creating another mousetrap but a superior one. Their use of AI is integrated and not gimmicky, providing useful context and automation. I am looking forward to seeing what kind of noise they make in the industry.

Suraksha Catalyst

Next, I had a chance to hang out with Ankur and the great folks at the Suraksha Catalyst. I LOVE EVERYTHING about this group and what they are out to do. I also had a chance to hear about their portfolio companies.

Breakfast Conversations

Next up, a round of conversations with CISOs and Identity leaders talking about the current industry. Sad to say that the more things change, the more they stay the same. A lot of discussion around how to move IAM projects along; despite all we’ve done, it still seems a number of organizations struggle with connecting with the business and making any significant progress. We can’t expect the vendors to fix this problem; this is on us as practitioners and service providers/consultants. Time to treat identity much more like management consulting than product implementation. But much more on that in upcoming editions.

One conversation I had with a CISO sparked a very interesting dialogue about who the customer really is within an organization. Spoiler alert: It’s not the CISO. While they may be the person who signs off, ultimately, it’s someone within their organization who is the main buyer. Because it’s that person that has the problems to solve, it raises interesting questions about the way vendors have marketed solutions in this space. We’ve become so obsessed with the CISO that maybe... just maybe we’ve forgotten to really ask ourselves who the customer is.

The UnConference

So I didn't attend a single session at Blackhat and didn’t even buy an expo pass. Blackhat is slowly becoming RSA-like in that you can get more done outside of the conference than in the conference itself. Hallway meetings, breakfast, dinners, and, of course, bars (I mean, hey, it’s Vegas) give you so many opportunities to connect and have great conversations. I think these conferences have gotten way too overpriced and way too corporate. But that’s just me.

All in all, I had a great time at Blackhat, but not from anything official with the conference. I just took advantage of the fact that so many great minds were in one place at one time. Maybe that’s what we should focus on...

That’s it... a quick recap of my week at Blackhat. Regularly scheduled newsletter hits your inbox tomorrow.